Creating Security Groups

Security groups define what ports and addresses that your servers will respond to. They also define what addresses that your servers can send information to. In an very common design pattern, you would create security groups and subnets for every tier in your stack, typically web, business logic, and database. For this example, I’ll forgo that for something much simpler: a single business tier with a couple security groups to define allowed incoming and outgoing traffic.

The first security group will allow SSH access. Here’s how I represent it in a Cloudformation template:

AWS resources always have a Type, and in this case it is AWS::EC2::Instance. Other important attributes are defined within the Properties object. Note a few of the important properties: ImageId, SecurityGroupIds, InstanceType, KeyName, and SubnetId.

Servers are created with OS and application images. Images are predefined and have identifiers like ami-d2c924b2, which happens to be a minimal CentOS image. You can create your own image or pick from hundreds, maybe thousands, at the AWS Marketplace.

The SecurityGroupIds assigns security groups. In this case, I’ve assigned 2. The “Ref” keyword means that these security group ids are defined within this same Cloudformation template by their logical id.

The InstanceType defines the server CPU and basic RAM sizes. The t2.micro has 1 GB RAM and 1 virtual CPU. Of course, your application needs will much likely be different. For this example, I will eventually deploy a simple RESTful service, and I think this size will suffice.

Finally, KeyName refers to a keypair defined in my AWS account. If you want to SSH into any instance, you’ll need to associate a keypair and references its name in the Cloudformation template. You can also create key pairs within the template, which I have not done here.

Finishing the Deployment

The last step just deploys a server, a do-nothing server that just sits there. Of course, the point of this blog series is more significant. I wanted to show how to use Cloudformation to set up a network and deploy an application within it. So there is one last piece to this: deploying an application onto the server.

Stay tuned for the last blog in this particular series. Next step: deploy an application.

Getting Source Code

You can see the source for this example on my Github charprops project. The final project will deploy a character properties service that provides Unicode data on characters. Check it out and help out too!